Guest Posted October 10, 2010 Posted October 10, 2010 I have decided to start my site over, since for me the security is more important than anything else. I uninstalled OSC and reinstalled it, now when I type my URL into the browser with a www at the start I get a blank page. If I type in just my site or http my site will come up. What have I managed to mess up? Thanks in advance, Heather
germ Posted October 10, 2010 Posted October 10, 2010 It works for me no matter how I access it. How to Secure Your Site Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
MrPhil Posted October 10, 2010 Posted October 10, 2010 Unless you know or suspect that you were hacked, reinstalling osC isn't going to do a thing for you security-wise. You need to follow the instructions in http://www.oscommerce.com/forums/index.php?showtopic=313323 to plug all the known security holes -- none of this comes preinstalled. If you think you were hacked, did you erase all files except for product images, and save your configure.php files to compare against the new ones (or to repopulate the new ones)? As for your White Screen of Death problem, giving http://mystore.com shouldn't be any different than http://www.mystore.com. They should be running exactly the same code, unless you're doing something weird in your .htaccess. Do you have anything in your .htaccess file that is forcing one format to the other (a URL redirect from "with" www. to "without" or vice-versa)? A WSoD usually means an error occurred, which should be logged somewhere. Read my sig > FAQs > "Blank page/White Screen of Death" for hints on where to look. Did you have SEO or any other add-ons on your old site, that might have left traces in your .htaccess file? In the process of re-installation, did you re-install all your add-ons? Did you change servers or change osC versions?
ericsmith65 Posted October 10, 2010 Posted October 10, 2010 I have decided to start my site over, since for me the security is more important than anything else. I uninstalled OSC and reinstalled it, now when I type my URL into the browser with a www at the start I get a blank page. If I type in just my site or http my site will come up. What have I managed to mess up? Thanks in advance, Heather I recently pointed my site to an alternate server and was given instruction by my original host to switch over my existing account to a free account with them (the new host cannot carry .co.nz sites). Being the expert that I am (I'm not) I got my wires crossed and pointed the site to the new sever successfully but then closed the account on which my OS Commerce shop was sitting (not what I was told to do!). I wrote to my original host and they graciously gave me the files for the shop they had but I do not have the "index file" so for all intents and purposes I am screwed and probably need to buy another cart and pay someone to customize the whole thing again. Any suggestions? Yes Heather I feel your pain. In my defense I'm a guy with no head for any of this web stuff but work with it out of necessity. ...Help! Eric 7k.co.nz
♥geoffreywalton Posted October 11, 2010 Posted October 11, 2010 Here is a pretty clean index.php. It might be better to download a fresh copy of osc and use that. How well it works depends on the amount of customisation you did. HTH G <?php /* $Id: index.php 1739 2007-12-20 00:52:16Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); // the following cPath references come from application_top.php $category_depth = 'top'; if (isset($cPath) && tep_not_null($cPath)) { $categories_products_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_TO_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'"); $cateqories_products = tep_db_fetch_array($categories_products_query); if ($cateqories_products['total'] > 0) { $category_depth = 'products'; // display products } else { $category_parent_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " where parent_id = '" . (int)$current_category_id . "'"); $category_parent = tep_db_fetch_array($category_parent_query); if ($category_parent['total'] > 0) { $category_depth = 'nested'; // navigate through the categories } else { $category_depth = 'products'; // category has no products, but display the 'no products' message } } } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_DEFAULT); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> <script type="text/javascript" src="js/jquery-1.2.3.min.js"></script> <script type="text/javascript" src="js/jquery.hoverIntent.minified.js"></script> <script type="text/javascript" src="js/superfish.js"></script> <script type="text/javascript" src="js/site.js"></script> </head> <body> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"> <table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="0"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <!-- body_text //--> <?php if ($category_depth == 'nested') { $category_query = tep_db_query("select cd.categories_name, c.categories_image from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.categories_id = '" . (int)$current_category_id . "' and cd.categories_id = '" . (int)$current_category_id . "' and cd.language_id = '" . (int)$languages_id . "'"); $category = tep_db_fetch_array($category_query); ?> <td width="100%" valign="top"><table id="main_table" border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td> <div id="greeting_box"><?php echo tep_customer_greeting(); ?></div> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo $category['categories_name'] ?></td> </tr> </table> </td> </tr> <tr> <td> <ul> <?php if (isset($cPath) && strpos('_', $cPath)) { // check to see if there are deeper categories within the current category $category_links = array_reverse($cPath_array); for($i=0, $n=sizeof($category_links); $i<$n; $i++) { $categories_query = tep_db_query("select count(*) as total from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "'"); $categories = tep_db_fetch_array($categories_query); if ($categories['total'] < 1) { // do nothing, go through the loop } else { $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$category_links[$i] . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name"); break; // we've found the deepest category the customer is in } } } else { $categories_query = tep_db_query("select c.categories_id, cd.categories_name, c.categories_image, c.parent_id from " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where c.parent_id = '" . (int)$current_category_id . "' and c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' order by sort_order, cd.categories_name"); } $number_of_categories = tep_db_num_rows($categories_query); $rows = 0; while ($categories = tep_db_fetch_array($categories_query)) { $rows++; $cPath_new = tep_get_path($categories['categories_id']); $width = (int)(100 / MAX_DISPLAY_CATEGORIES_PER_ROW) . '%'; echo '<li><a href="' . tep_href_link(FILENAME_DEFAULT, $cPath_new) . '">' . $categories['categories_name'] . '</a></li>'; } // needed for the new products module shown below $new_products_category_id = $current_category_id; ?> </ul> </td> </tr> <tr> <td> <div id="products_holder"> <?php include(DIR_WS_MODULES . FILENAME_NEW_PRODUCTS); ?> </div> </td> </tr> </tr> </table></td> <?php } elseif ($category_depth == 'products' || isset($HTTP_GET_VARS['manufacturers_id'])) { // create column list $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE, 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY, 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW); asort($define_list); $column_list = array(); reset($define_list); while (list($key, $value) = each($define_list)) { if ($value > 0) $column_list[] = $key; } $select_column_list = ''; for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { switch ($column_list[$i]) { case 'PRODUCT_LIST_MODEL': $select_column_list .= 'p.products_model, '; break; case 'PRODUCT_LIST_NAME': $select_column_list .= 'pd.products_name, '; break; case 'PRODUCT_LIST_MANUFACTURER': $select_column_list .= 'm.manufacturers_name, '; break; case 'PRODUCT_LIST_QUANTITY': $select_column_list .= 'p.products_quantity, '; break; case 'PRODUCT_LIST_IMAGE': $select_column_list .= 'p.products_image, '; break; case 'PRODUCT_LIST_WEIGHT': $select_column_list .= 'p.products_weight, '; break; } } //rebuild breadcrumb $breadcrumb->reset(); for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) { $categories_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "'"); if (tep_db_num_rows($categories_query) > 0) { $categories = tep_db_fetch_array($categories_query); $breadcrumb->add($categories['categories_name'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1))))); } else { break; } } // show the products of a specified manufacturer if (isset($HTTP_GET_VARS['manufacturers_id'])) { if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) { // We are asked to show only a specific category $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "'"; } else { // We show them all $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'"; } } else { // show the products in a given categorie if (isset($HTTP_GET_VARS['filter_id']) && tep_not_null($HTTP_GET_VARS['filter_id'])) { // We are asked to show only specific catgeory $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_MANUFACTURERS . " m, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and m.manufacturers_id = '" . (int)$HTTP_GET_VARS['filter_id'] . "' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; } else { // We show them all $listing_sql = "select " . $select_column_list . " p.products_id, p.manufacturers_id, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price from " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on p.manufacturers_id = m.manufacturers_id left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c where p.products_status = '1' and p.products_id = p2c.products_id and pd.products_id = p2c.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$current_category_id . "'"; } } if ( (!isset($HTTP_GET_VARS['sort'])) || (!ereg('^[1-8][ad]$', $HTTP_GET_VARS['sort'])) || (substr($HTTP_GET_VARS['sort'], 0, 1) > sizeof($column_list)) ) { for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { if ($column_list[$i] == 'PRODUCT_LIST_PRICE') { $HTTP_GET_VARS['sort'] = $i+1 . 'a'; $listing_sql .= " order by final_price desc"; break; } } } else { $sort_col = substr($HTTP_GET_VARS['sort'], 0 , 1); $sort_order = substr($HTTP_GET_VARS['sort'], 1); switch ($column_list[$sort_col-1]) { case 'PRODUCT_LIST_MODEL': $listing_sql .= " order by p.products_model " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_NAME': $listing_sql .= " order by pd.products_name " . ($sort_order == 'd' ? 'desc' : ''); break; case 'PRODUCT_LIST_MANUFACTURER': $listing_sql .= " order by m.manufacturers_name " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_QUANTITY': $listing_sql .= " order by p.products_quantity " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_IMAGE': $listing_sql .= " order by pd.products_name"; break; case 'PRODUCT_LIST_WEIGHT': $listing_sql .= " order by p.products_weight " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; case 'PRODUCT_LIST_PRICE': $listing_sql .= " order by final_price " . ($sort_order == 'd' ? 'desc' : '') . ", pd.products_name"; break; } } ?> <td width="100%" valign="top"><table id="main_table" border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td> <div id="greeting_box"><?php echo tep_customer_greeting(); ?></div> <table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"> <?php echo $breadcrumb->trail(' » '); ?><br> </td> <?php // optional Product List Filter if (PRODUCT_LIST_FILTER > 0) { if (isset($HTTP_GET_VARS['manufacturers_id'])) { $filterlist_sql = "select distinct c.categories_id as id, cd.categories_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c, " . TABLE_CATEGORIES_DESCRIPTION . " cd where p.products_status = '1' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and p2c.categories_id = cd.categories_id and cd.language_id = '" . (int)$languages_id . "' and p.manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "' order by cd.categories_name"; } else { $filterlist_sql= "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name"; } $filterlist_query = tep_db_query($filterlist_sql); if (tep_db_num_rows($filterlist_query) > 1) { echo ' <td align="center" class="main">' . tep_draw_form('filter', FILENAME_DEFAULT, 'get') . TEXT_SHOW . ' '; if (isset($HTTP_GET_VARS['manufacturers_id'])) { echo tep_draw_hidden_field('manufacturers_id', $HTTP_GET_VARS['manufacturers_id']); $options = array(array('id' => '', 'text' => TEXT_ALL_CATEGORIES)); } else { echo tep_draw_hidden_field('cPath', $cPath); $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)); } echo tep_draw_hidden_field('sort', $HTTP_GET_VARS['sort']); while ($filterlist = tep_db_fetch_array($filterlist_query)) { $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); } echo tep_draw_pull_down_menu('filter_id', $options, (isset($HTTP_GET_VARS['filter_id']) ? $HTTP_GET_VARS['filter_id'] : ''), 'onchange="this.form.submit()"'); echo tep_hide_session_id() . '</form></td>' . "\n"; } } // Get the right image for the top-right $image = DIR_WS_IMAGES . 'table_background_list.gif'; if (isset($HTTP_GET_VARS['manufacturers_id'])) { $image = tep_db_query("select manufacturers_image from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'"); $image = tep_db_fetch_array($image); $image = $image['manufacturers_image']; } elseif ($current_category_id) { $image = tep_db_query("select categories_image from " . TABLE_CATEGORIES . " where categories_id = '" . (int)$current_category_id . "'"); $image = tep_db_fetch_array($image); $image = $image['categories_image']; } ?> <td align="right"> </td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><?php include(DIR_WS_MODULES . FILENAME_PRODUCT_LISTING); ?></td> </tr> </table></td> <?php } else { // default page ?> <td width="100%" valign="top"> <table id="main_table" border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td> <div id="greeting_box"><?php echo tep_customer_greeting(); ?></div> <img style="margin:5px 0 10px 0" src="images/hot_products.gif" alt="todays hot products"> <div id="products_holder"> <?php include(DIR_WS_MODULES . FILENAME_NEW_PRODUCTS); ?> </div> </td> </tr> <?php include(DIR_WS_MODULES . FILENAME_UPCOMING_PRODUCTS); ?> </table> </td> <?php } ?> <!-- body_text_eof //--> <td id="right_col_holder" width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- right_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> <!-- right_navigation_eof //--> </table></td> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> </body> </html> Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>.
Guest Posted October 12, 2010 Posted October 12, 2010 Germ - Thanks for checking it out for me. I will start with securing my admin and go from there. MrPhil - I was hacked and I had used the security suggestions found in the how to secure your site. However, I was unable to use all of them due to some of my customizations. I figured it was better to start over starting with the security of my site :) - Thanks for the heads up on the WSOD. I did have addons on my old set up, but have not added any back on yet. I have never changed my htaccess or done any SEO yet. I am also on the same server with the same version of OSC. Thanks to all for your help :) Eric I hope that Geoffery's index can help you get back on the right track. Heather
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.